The State Revenue Office of Victoria, the department responsible for administering the state’s taxation system, has suffered a data breach and a hacker group is offering to sell the data online.
The attack follows a spate of data breaches and hacks at major Australian companies in recent months, most prominently telecommunications giant Optus and insurer Medibank. TPG Telecom also revealed this week that someone had broken into email servers to prowl for users’ cryptocurrency information.
The SRO confirmed to The Australian Financial Review that it had suffered a “cyber incident involving a third-party provider”, but assured that “no customer data is involved” in the breach.
The SRO said a hacker had accessed a development copy of its website through a third-party service provider, and that the government’s cyber incident response service was investigating.
Hacking group KelvinSecurity is offering to sell a gigabyte of data on the dark web Breached forum that it claims is from the SRO, according to screenshots of the forum provided to the Financial Review.
Zac Dromi, managing director of Shield Corporate Security, which first noticed the post, said the sample data appeared to include government email addresses.
The SRO is responsible for administering Victoria’s duties and levies such as land and payroll taxes. It is also responsible for several grant schemes, including the First Home Owner Grant. The department has 651 staff.
The recent flow of data breaches and hacks has prompted the Albanese government to develop a seven-year cybersecurity strategy headed by former Telstra boss Andy Penn.
Mr Penn last week said there was a growing trend of nation-states identifying flaws in systems and sharing the information on the dark web for criminals to exploit.
“Companies often use ubiquitous programs and applications made by big software providers … nation-sponsored actors will identify the weaknesses in these programs and post it to the dark web for cybercriminals to exploit,” he said.
- Article first appeared in Australian Financial Review. Read the full article here.